<body text="#000000" link="#0000ff" bgcolor="#ffffff"><center><table width="80%">
<tr><td><h1>gvmd</h1>
<h2>Greenbone Vulnerability Manager daemon</h2>


  <h2>Synopsis</h2>
<b>
    gvmd OPTIONS<br>

  </b>


  <h2>Description</h2>

    <p>
      The Greenbone Vulnerability Manager is the central management service between security scanners
      and the user clients.
    </p>

    <p>
      It manages the storage of any vulnerability management configurations and of the
      scan results. Access to data, control commands and workflows is offered via the
      XML-based Greenbone Management Protocol (GMP). The primary scanner 'OpenVAS Scanner'
      is controlled directly via protocol OTP while any other remote scanner is coupled
      with the Open Scanner Protocol (OSP).
    </p>

  


  <h2>Options</h2>

    
      <p><b>-h, --help</b></p>
      
        <p>Show help options.</p>
      
    
    
      <p><b>--broker-address=<em>ADDRESS</em></b></p>
      
        <p>Sets the address for the publish-subscribe message (MQTT) broker.
          Defaults to localhost:9138. Set to empty to disable.</p>
      
    
    
      <p><b>--check-alerts</b></p>
      
        <p>Check SecInfo alerts.</p>
      
    
    
      <p><b>--client-watch-interval=<em>NUMBER</em></b></p>
      
        <p>Check if client connection was closed every NUMBER seconds.
           0 to disable. Defaults to 1 second.</p>
      
    
    
      <p><b>--create-encryption-key</b></p>
      
        <p>Create a new credential encryption key, set it as the new default
           and exit. With no other options given, a 4096 bit RSA key is
           created.</p>
      
    
    
      <p><b>--create-scanner=<em>SCANNER</em></b></p>
      
        <p>Create global scanner SCANNER and exit.</p>
      
    
    
      <p><b>--create-user=<em>USERNAME</em></b></p>
      
        <p>Create admin user USERNAME and exit.</p>
      
    
    
      <p><b>-d, --database=<em>NAME</em></b></p>
      
        <p>Use NAME as database for PostgreSQL.</p>
      
    
    
      <p><b>--delete-scanner=<em>SCANNER-UUID</em></b></p>
      
        <p>Delete scanner SCANNER-UUID and exit.</p>
      
    
    
      <p><b>--delete-user=<em>USERNAME</em></b></p>
      
        <p>Delete user USERNAME and exit.</p>
      
    
    
      <p><b>--dh-params=<em>FILE</em></b></p>
      
        <p>Diffie-Hellman parameters file</p>
      
    
    
      <p><b>--disable-cmds=<em>COMMANDS</em></b></p>
      
        <p>Disable comma-separated COMMANDS.</p>
      
    
    
      <p><b>--disable-encrypted-credentials</b></p>
      
        <p>Do not encrypt or decrypt credentials.</p>
      
    
    
      <p><b>--disable-password-policy</b></p>
      
        <p>Do not restrict passwords to the policy.</p>
      
    
    
      <p><b>--disable-scheduling</b></p>
      
        <p>Disable task scheduling.</p>
      
    
    
      <p><b>--encryption-key-length=<em>LENGTH</em></b></p>
      
        <p>Set key length to LENGTH bits when creating a new RSA credential
        encryption key. Defaults to 4096.</p>
      
    
    
      <p><b>--encryption-key-type=<em>TYPE</em></b></p>
      
        <p>Use the key type TYPE when creating a new credential encryption key.
           Currently only RSA is supported.</p>
      
    
    
      <p><b>--encrypt-all-credentials</b></p>
      
        <p>(Re-)Encrypt all credentials.</p>
      
    
    
      <p><b>--feed-lock-path=<em>PATH</em></b></p>
      
        <p>Sets the path to the feed lock file.</p>
      
    
    
      <p><b>--feed-lock-timeout=<em>TIMEOUT</em></b></p>
      
        <p>Sets the number of seconds to retry for if the feed is locked in contexts (like migration or rebuilds) that do not retry on their own (like automatic syncs). Defaults to 0 (no retry).</p>
      
    
    
      <p><b>-f, --foreground</b></p>
      
        <p>Run in foreground.</p>
      
    
    
      <p><b>--get-scanners</b></p>
      
        <p>List scanners and exit.</p>
      
    
    
      <p><b>--get-users</b></p>
      
        <p>List users and exit.</p>
      
    
    
      <p><b>--gnutls-priorities=<em>PRIORITIES-STRING</em></b></p>
      
        <p>Sets the GnuTLS priorities for the Manager socket.</p>
      
    
    
      <p><b>--inheritor=<em>USERNAME</em></b></p>
      
        <p>Have USERNAME inherit from deleted user.</p>
      
    
    
      <p><b>-a, --listen=<em>ADDRESS</em></b></p>
      
        <p>Listen on ADDRESS.</p>
      
    
    
      <p><b>--listen2=<em>ADDRESS</em></b></p>
      
        <p>Listen also on ADDRESS.</p>
      
    
    
      <p><b>--listen-group=<em>STRING</em></b></p>
      
        <p>Group of the unix socket</p>
      
    
    
      <p><b>--listen-mode=<em>STRING</em></b></p>
      
        <p>File mode of the unix socket</p>
      
    
    
      <p><b>--listen-owner=<em>STRING</em></b></p>
      
        <p>Owner of the unix socket</p>
      
    
    
      <p><b>--max-concurrent-scan-updates=<em>NUMBER</em></b></p>
      
        <p>
          Maximum number of scan updates that can run at the same time.
          Default: 0 (unlimited).
        </p>
      
    
    
      <p><b>--max-email-attachment-size=<em>NUMBER</em></b></p>
      
        <p>Maximum size of alert email attachments, in bytes.</p>
      
    
    
      <p><b>--max-email-include-size=<em>NUMBER</em></b></p>
      
        <p>Maximum size of inlined content in alert emails, in bytes.</p>
      
    
    
      <p><b>--max-email-message-size=<em>NUMBER</em></b></p>
      
        <p>Maximum size of user-defined message text in alert emails,
           in bytes.</p>
      
    
    
      <p><b>--max-ips-per-target=<em>NUMBER</em></b></p>
      
        <p>Maximum number of IPs per target.</p>
      
    
    
      <p><b>--mem-wait-retries=<em>NUMBER</em></b></p>
      
        <p>
          How often to try waiting for available memory. Default: 30.
           Each retry will wait for 10 seconds.
        </p>
      
    
    
      <p><b>-m, --migrate</b></p>
      
        <p>Migrate the database and exit.</p>
      
    
    
      <p><b>--min-mem-feed-update=<em>NUMBER</em></b></p>
      
        <p>
          Minimum memory in MiB for feed updates. Default: 0.
          Feed updates are skipped if less physical memory is available.
        </p>
      
    
    
      <p><b>--modify-scanner=<em>SCANNER-UUID</em></b></p>
      
        <p>Modify scanner SCANNER-UUID and exit.</p>
      
    
    
      <p><b>--modify-setting=<em>UUID</em></b></p>
      
        <p>Modify setting UUID and exit.</p>
      
    
    
      <p><b>--new-password=<em>PASSWORD</em></b></p>
      
        <p>Modify user's password and exit.</p>
      
    
    
      <p><b>--new-password=<em>PASSWORD</em></b></p>
      
        <p>Modify user's password and exit.</p>
      
    
    
      <p><b>--optimize=<em>NAME</em></b></p>
      
        <p>Run an optimization: vacuum, analyze, add-feed-permissions,
           cleanup-config-prefs, cleanup-feed-permissions,
           cleanup-port-names, cleanup-report-formats, cleanup-result-nvts,
           cleanup-result-severities, cleanup-schedule-times, cleanup-sequences,
           cleanup-tls-certificate-encoding, migrate-relay-sensors,
           rebuild-report-cache or update-report-cache.</p>
      
    
    
      <p><b>--osp-vt-update=<em>SCANNER-SOCKET</em></b></p>
      
        <p>Unix socket for OSP NVT update.  Defaults to the path of the 'OpenVAS Default' scanner if it is an absolute path.</p>
      
    
    
      <p><b>--password=<em>PASSWORD</em></b></p>
      
        <p>Password, for --create-user.</p>
      
    
    
      <p><b>-p, --port=<em>NUMBER</em></b></p>
      
        <p>Use port number NUMBER.</p>
      
    
    
      <p><b>--port2=<em>NUMBER</em></b></p>
      
        <p>Use port number NUMBER for address 2.</p>
      
      
      <p><b>--rebuild-gvmd-data=<em>TYPES</em></b></p>
      
        <p>
          Reload all gvmd data objects of a given types from feed.
        </p>

        <p>
          The types must be &quot;all&quot; or a comma-separated of the
          following: &quot;configs&quot;, &quot;port_lists&quot; and
          &quot;report_formats&quot;.
        </p>


      <p><b>--rebuild-scap</b></p>
      
        <p>
          Rebuild all SCAP data.
        </p>
      
    
    
      <p><b>--relay-mapper=<em>FILE</em></b></p>
      
        <p>Executable for mapping scanner hosts to relays.
          Use an empty string to explicitly disable.
          If the option is not given, $PATH is checked for gvm-relay-mapper.
        </p>
      
    
    
      <p><b>--role=<em>ROLE</em></b></p>
      
        <p>Role for --create-user and --get-users.</p>
      
    
    
      <p><b>--scanner-ca-pub=<em>SCANNER-CA-PUB</em></b></p>
      
        <p>Scanner CA Certificate path for --[create|modify]-scanner.</p>
      
    
    
      <p><b>--scanner-credential=<em>SCANNER-CREDENTIAL</em></b></p>
      
        <p>Scanner credential for --create-scanner and --modify-scanner.</p>
        <p>Can be blank to unset or a credential UUID. If omitted, a new
          credential can be created instead.</p>
      
    
    
      <p><b>--scanner-host=<em>SCANNER-HOST</em></b></p>
      
        <p>Scanner host or socket for --create-scanner and --modify-scanner.</p>
      
    
    
      <p><b>--scanner-key-priv=<em>SCANNER-KEY-PRIVATE</em></b></p>
      
        <p>Scanner private key path for --[create|modify]-scanner
          if --scanner-credential is not given.</p>
      
    
    
      <p><b>--scanner-key-pub=<em>SCANNER-KEY-PUBLIC</em></b></p>
      
        <p>Scanner Certificate path for --[create|modify]-scanner
          if --scanner-credential is not given.</p>
      
    
    
      <p><b>--scanner-name=<em>NAME</em></b></p>
      
        <p>Name for --modify-scanner.</p>
      
    
    
      <p><b>--scanner-port=<em>SCANNER-PORT</em></b></p>
      
        <p>Scanner port for --create-scanner and --modify-scanner.</p>
      
    
    
      <p><b>--scanner-type=<em>SCANNER-TYPE</em></b></p>
      
        <p>Scanner type for --create-scanner and --modify-scanner.</p>
        <p>Either 'OpenVAS', 'GMP', 'OSP-Sensor' or a number
           as used in GMP.</p>
      
    
    
      <p><b>--schedule-timeout=<em>TIME</em></b></p>
      
        <p>Time out tasks that are more than TIME minutes overdue.
           -1 to disable, 0 for minimum time.</p>
      
    
    
      <p><b>--secinfo-commit-size=<em>NUMBER</em></b></p>
      
        <p>During CERT and SCAP sync, commit updates to the database every
           NUMBER items, 0 for unlimited.</p>
      
    
    
      <p><b>--slave-commit-size=<em>NUMBER</em></b></p>
      
        <p>During slave updates, commit after every NUMBER updated results and
           hosts, 0 for unlimited.</p>
      
    
    
      <p><b>-c, --unix-socket=<em>FILENAME</em></b></p>
      
        <p>Listen on UNIX socket at FILENAME.</p>
      
    
    
      <p><b>--user=<em>USERNAME</em></b></p>
      
        <p>User for --new-password.</p>
      
    
    
      <p><b>--value=<em>VALUE</em></b></p>
      
        <p>Value for --modify-setting.</p>
      
    
    
      <p><b>--verbose</b></p>
      
        <p>Has no effect.  See INSTALL.md for logging config.</p>
      
    
    
      <p><b>--verify-scanner=<em>SCANNER-UUID</em></b></p>
      
        <p>Verify scanner SCANNER-UUID and exit.</p>
      
    
    
      <p><b>--version</b></p>
      
        <p>Print version and exit.</p>
      
    
    
      <p><b>--vt-verification-collation=<em>COLLATION</em></b></p>
      
        <p>          
          Set collation for VT verification to COLLATION, omit or leave empty
          to choose automatically. Should be 'ucs_default' if DB uses UTF-8
          or 'C' for single-byte encodings.
        </p>

  <h2>SIGNALS</h2>

    <p>SIGHUP causes gvmd to rebuild the database with information from
       the Scanner (openvas).</p>
  


  <h2>EXAMPLES</h2>

    <p>gvmd --port 1241</p>
    <p>Serve GMP clients on port 1241 and connect to an OpenVAS scanner via the
       default OTP file socket.</p>
  


  <h2>SEE ALSO</h2>

    <p>
      <b>openvas (8)</b>,
      <b>gsad (8)</b>,
      <b>ospd-openvas (8)</b>,
      <b>greenbone-certdata-sync (8)</b>,
      <b>greenbone-scapdata-sync (8)</b>,
    </p>
  


  <h2>MORE INFORMATION</h2>

    <p>
      The canonical places where you will find more information
      about the Greenbone Vulnerability Manager are:
    </p>
    <p>
      <a href = "https://community.greenbone.net">https://community.greenbone.net</a>
        (Community Portal)
    </p>
    <p>
      <a href = "https://github.com/greenbone">https://github.com/greenbone</a>
        (Development Platform)
    </p>
    <p>
      <a href = "https://www.greenbone.net">https://www.greenbone.net</a>
        (Greenbone Website)
    </p>
  


  <h2>COPYRIGHT</h2>

    <p>
      The Greenbone Vulnerability Manager is released under the GNU GPL,
      version 2, or, at your option, any later version.
    </p>
  


</td></tr></table></center>
</body>
